a38ad0fe26af0381fa0ece13c4b61ccb13a156611b72c5641639c55db91debab | Triage

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:47

Sharing

Report Analysis Logs

General

Target

a38ad0fe26af0381fa0ece13c4b61ccb13a156611b72c5641639c55db91debab.dll
Size

3KB
MD5

f3e05dae0d8092f127b9a1bdc5d1429a
SHA1

81e70153900d9f5811c717038e6b3e8f1cb786e0
SHA256

a38ad0fe26af0381fa0ece13c4b61ccb13a156611b72c5641639c55db91debab
SHA512

007764dc3cfbb6fa43467c20496aafe7cbbe90fda36580d27165b63127115cf1542b826448ba3dceab9bde16233c038c2086e5f4a1050ca3692907e4a52e8aaa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 984 wrote to memory of 848	984	rundll32.exe	27
PID 984 wrote to memory of 848	984	rundll32.exe	27
PID 984 wrote to memory of 848	984	rundll32.exe	27
PID 984 wrote to memory of 848	984	rundll32.exe	27
PID 984 wrote to memory of 848	984	rundll32.exe	27
PID 984 wrote to memory of 848	984	rundll32.exe	27
PID 984 wrote to memory of 848	984	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a38ad0fe26af0381fa0ece13c4b61ccb13a156611b72c5641639c55db91debab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a38ad0fe26af0381fa0ece13c4b61ccb13a156611b72c5641639c55db91debab.dll,#1
  2⤵
  PID:848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/848-55-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download